Monday, May 17, 2021

Firefox Buggier than IE: Which is Safer?

For all the grief Microsoft Corp. takes about having buggy software, a new study shows the Mozilla Foundation’s Firefox actually had nearly twice as many reported vulnerabilities as Internet Explorer in a six-month span.

Does that make Explorer a safer browser to use?

Not necessarily, say security analysts. It just means IT administrators and users need to be on alert no matter what browser they’re using.

“I can’t say that Internet Explorer is more secure than Firefox, but it highlights the fact that no matter which browser you’re using, they have vulnerabilities and it doesn’t matter if they’re open source or proprietary,” says Gordon Haff, an analyst at Illuminata, an industry analyst firm based in Nashua, N.H. “You have to keep everything up-to-date.”

Symantec’s Internet Security Threat Report, a twice-annual analysis of Internet security activity, shows that between January and June of this year, Mozilla’s browser had 25 reported vulnerabilities — 18, or 72 percent, were critical. In the same time period, Microsoft’s Internet Explorer had 13 reported vulnerabilities — eight, or 62 percent, were critical.

Patrick Martin, senior manager for security response at Symantec Corp., says Mozilla’s numbers from the first half of this year actually were an improvement over the second half of 2004, when it had 31 reported vulnerabilities. Internet Explorer also is doing better, since it had 30 in that same time frame. Mozilla has produced more than one browser, but Firefox is far and away its most popular browser and the one mainly being measured in the study.

Martin says the report has “raised a few eyebrows” since Firefox, an open source browser, frequently is thought of as the safer alternative to Internet Explorer. Firefox has picked up a strong number of new users in the last year with many people looking to switch away from Microsoft’s browser.

Apples and Oranges

Ken van Wyk, principal consultant for KRvW Associates, LLC and a columnist for eSecurityPlanet, says many people may now suspect Internet Explorer is a safer browser to use, but they should be careful about comparing apples and oranges.

“The Mozilla code is out there. Anybody can look at it,” says van Wyk, who is a Firefox user and plans to stay that way. “Microsoft source code is proprietary. It’s not available for public scrutiny. You’re comparing based on two very different sets of inputs.

“Firefox is a newer product that has been out in the open source space for a relatively short period of time,” he adds. “It hasn’t been exposed to public scrutiny for all that long. It’s not surprising to find that many bugs in a product so new. It’s disappointing though.”

Ken Dunham, a senior engineer for VeriSign iDefense Intelligence based in Mountain View, Calif., says it also comes down to how many virus writers are attacking an application. Firefox has been relatively safe from attack, whereas Internet Explorer has taken more than its share of hits.

“If you look at the numbers, who gets attacked? Internet Explorer users, and especially IE users who are not patched,” says Dunham. “I can say that Firefox has fewer exploits to date and offers security through obscurity. That might change in the future. There’s just not near as many attacks, but the reality is it has a number of vulnerabilities that can be exploited.”

Dunham, like the other analysts interviewed, says it comes down to being vigilant no matter what browser you’re using.

“There’s no magic bullet,” says Dunham. “If you’re on the Internet, there are ways to be hit. Firefox offers security through obscurity. There has only been one malicious code to date for Firefox-related exploits. And there are hundreds for IE. People say, ‘I use Firefox so I don’t get viruses.’ But this just shows that there is no magic bullet.”
